Lucene search

MitreCVE-2013-2770

HistoryApr 07, 2013 - 5:55 p.m.

CVE-2013-2770

2013-04-0717:55:02

CWE-20

mitre

web.nvd.nist.gov

novell

kanaka

oes

mac os x

ssl

x.509 certificate

man-in-the-middle attack

cve-2013-2770

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

45.0%

JSON

The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server’s X.509 certificate during an SSL session, which allows man-in-the-middle attackers to spoof servers via an arbitrary certificate.

Affected configurations

Nvd

Node

novellkanakaRange≤2.7.1-macos

novellkanakaMatch2.7-macos

AND

novellopen_enterprise_server

VendorProductVersionCPE
novellkanaka*cpe:2.3:a:novell:kanaka:*:-:*:*:*:macos:*:*
novellkanaka2.7cpe:2.3:a:novell:kanaka:2.7:-:*:*:*:macos:*:*
novellopen_enterprise_server*cpe:2.3:o:novell:open_enterprise_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
novell	kanaka	*	cpe:2.3:a:novell:kanaka::-::::macos::
novell	kanaka	2.7	cpe:2.3:a:novell:kanaka:2.7:-::::macos::*
novell	open_enterprise_server	*	cpe:2.3:o:novell:open_enterprise_server::::::::

References

www.novell.com/support/kb/doc.php?id=7011965

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.001

Percentile

45.0%

JSON

Related for CVE-2013-2770